Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
1471 results found
-
11 votes
Thank you for your input! We will consider functionality to implement ability to set TLS as required for email connections in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Please note that STARTSSL is a service of StartCom and there are issues with them to stay in CA role http://www.pcworld.com/article/3129725/certificate-policy-violations-force-reform-at-startcom-and-wosign.html so STARTSSL support will not be implemented in Plesk.
—
ET -
Secure default HTTPS settings
Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).
One very good scanner is https://observatory.mozilla.org/
This includes some headers to be sent, and secure TLS settings.
Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLSThe remaining things should be set in Wordpress directly directly by Plesk.
19 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— ES
-
don't write in the backup repository during plesk updates
I mounted a remote server via sshfs and set it as the plesk backup repository, so I can backup my domains through sftp (with a keyfile).
But now, whenever I try to upgrade my plesk installation, plesk writes files to my backup repository (i.e. mysql backup before a mysql upgrade) and immediately tries to change the owner of the file, which fails because chown it is not supported on mounted directories.
The best solution would be to provide the option to set a different path for automated backups.
4 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Allow spaces in passwords.
I have been having all of my users use a sentence for their passwords. without spaces this is really going to confuse them. Just switching to plesk now.
5 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—ES
-
provide more nginx options
Have the ability to provide more Nginx builds/packages. For example, offer a 'nginx-full'-package with more modules.
For example, I need the Nginx headers more module. Since this need to be built-in at compile time, it isn't possible to add this later on. So that would mean replace the Plesk version of Nginx with the distro-default. (Heck, why does Plesk need it's own Nginx-build, anyway?)
No, passing headers from Apache is not an option, especially when I'm using the Nginx - PHP-FPM setup.
109 votes -
Support for Helicon Ape
Helicon Ape is a great tools for the support of .htaccess with IIS. I was really surprised, that Plesk does not support it yet.
We like to move from WSP to Plesk, but we need support For Helicon Ape.
Plesk should allow to edit .htaccess from the UI.
9 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU
-
Outgoing Mail Control collect sample of offending emails
When Outgoing Mail Control detects a user abusing the sending limits, it would be helpful for the emails that are sent beyond the limit to be sampled in some way: To: From: Subject: Headers, possibly the first line of the email, origination ip address of the offending email.
This information can help the admin decide if it was the user just sending to many emails or if the email has been compromised and needs to be addressed.
As a similar but different idea, emails beyond the limit could be cached for a short time to allow the administrator to decide…
90 votes -
show the last time a mailbox was accessed by the user
This would allow you to see mailboxes that are no longer in use.
100 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.-DL
-
web statistics with additional info (HTTP/HTTPS, IPv4/IPv6)
I would like to compare HTTP to HTTPS traffic and IPv4 to IPv6 traffic. The data should be in the logs, but it is currently not displayed.
15 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— ES
-
Enable email subject and keywords to be blocked in spamfilter
Allow users and admin to select subject lines and keywords as well as keywords in the email body to be added to the spamfilter blacklist.
Currently spammers are just changing domains and sending the same email templates.
95 votes -
Global blacklist for each domain
Now i have to insert a mailadresse at each mailaccount-blacklist.
i think it easier to use, i im able to handle a whiltelist/blacklist for all mailaccounts6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU
-
Allow Wordpress Scan to search for a custom directory name instead of wp-content
I habitually rename my wp-contents directory for security reasons (as part of iThemes Security). As a result Plesk no longer recognises the Wordpress installations on the server, when scanning so I'm unable to take advantage of Plesk's Wordpress features.
Please could this be modified to allow me to specify a custom name for my wp-contents directory?
32 votesThis looks like a valid feature, so we’ll see when we can implement it. Please continue voting if this feature is important for you, so we can prioritize feature accordingly.
—AK
-
Add SMS (text) verification as optional 2FA
sms verifying on login
9 votesThis is a valid request. Please keep voting on this if you believe it is an important feature.
-- PD
-
Administration: list domains, using the installed SSL certificates
If I want to remove on "Tools & Settings > SSL Certificates" expired certificates, I can not delete it when it is still used by a domain. I can not see which subscriptions use the expired SSL certificate. So I have to click through all domains individually and look in the hosting settings. The assigning of a standard certificate via "Tools & Settings > IP Address" does not work for all domains.
23 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Set right ciphers by default on Windows
There is a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/
but there is no tool to do it automatically (and by default during the installation).
4 votesAFAIU, the request is about right ciphers for SSL configuration. We have a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/ but have no tool to do it automatically, so, this is a valid request, we’ll look into it.
There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
— rk
-
sort, archive or filter (not spam) email on server directly when received
I'm using different (imap) clients on different devices to read emails. Many of them can be sorted / filtered / archived in specific subfolders by subject, sender or similar.
Most - but not all - clients can be configured to do so - but this means also to reconfigure several clients on rule changes.So i'd like to suggest the possibility to handle emails on receiving on the server.
E.g:
- if sender ends with "domain.foo" or subject contains "project bar" then move to folder bar and mark as read
- if sender is "foo@domain.bar" forward to "…6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
Add an option to lock/freeze a website
Hi,
some Hosts (e.g. Strato) use a functionality to completely lock a site. This is very useful for customers that dont want to do any changes to their website anymore but use an old version of a cms and forget/dont want to upgrade.
Of course there should be a warning about the consequences like non working file caching etc.
11 votes -
Make PLESK compatible with "Microsoft Security Essential" for Windows servers
Microsoft Security Essential is a free and powerful security software for windows server. I recommend make PLESK compatible with this software to have a powerful and simple security solution.
7 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU -
Improvements for Wordpress Toolkit
Disable the built-in code editor adding define('DISALLOWCODEEDIT', true); in wp-config.php
Anonymize login error message because it actually tells you what is wrong (the username or the password), hooking into loginerrors with addfilter('login_errors, function() { return 'Login error'; });
Apply permission 400 (-rw-------) to wp-config.php
Change login URL avoiding the standard /wp-login.php or /wp-admin/ (pre)installing plugin "Lockdown WP Admin" or applying the same idea.
Block brute force (pre)installing plugin "Limit Login Attempts" or applying the same idea.
Mentioned plugins may be installed by default when Wordpress is installed through the APS, and may be added as an…
46 votesThese suggestions look quite reasonable. We encourage other WPT users to join and let us know what other security improvements you’d like us to implement in WPT.
—AK
-
Wordpress install
Allow reseller/customer to install wordpress (and maybe apps) via XML-API. (without APS / admin permission).
9 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— ES
- Don't see your idea?